Smart software cracks sound-based CAPTCHA security

IRONIC, isn’t it. Those distorted words that websites have you type to prove you aren’t a machine are in fact easy for software to decode, mainly because words are chosen with little insight into how secure they are.

“Many websites use CAPTCHAs, and there are a lot of designs floating around,” explains Elie Bursztein from the Stanford Security Lab in California. These mimic the original puzzles developed by Luis von Ahn and colleagues at Carnegie Mellon University in Pittsburgh, Pennsylvania.

Bursztein and colleagues decided to investigate how the different methods fared across as many sites as possible to work out how to make them more effective.

The team’s software, aptly named Decaptcha, works in stages. First it removes lines through letters, then it isolates each of the warped letters. Each character is processed to make it more legible, and software reads the letters and assembles them into ...

To continue reading this article, log in or subscribe to New Scientist